CVE-2023-40289

2024-03-2704:15:10

[email protected]

web.nvd.nist.gov

cve-2023-40289

supermicro

command injection

privilege escalation

administrative privileges

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.

References

www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023

www.supermicro.com/en/support/security_center#%21advisories